The overwhelming majority of professional (84 percent) agree Europe needs
stronger data protection laws, but 77 percent are not confident their organisations comply with the current regulations.
This was one finding from research into attitudes among end-users towards security and data protection, conducted by Vanson Bourne on behalf of
cyber security company Sophos.
Of the 1,500 professional consumer and office workers surveyed across the UK, France and Germany, the majority confirmed that they were concerned about both their personal data (79 percent) and their corporate data (65 percent). However, while 91 percent of respondents had at least one safeguard in place when it came to protecting personal data, only 59 percent had anti-virus. Furthermore, almost half (49 percent) said their organisation either did not have a
data protection policy in place, or if it did had not communicated this to its employees.
The research, which was designed to gauge end-users’ understanding and awareness of data protection ahead of the new EU reforms, showed that of those surveyed, only 23 percent were completely confident their organisations complied with current data protection regulations. 50 percent confessed to either: not knowing what encryption was (7 percent); not knowing whether their organisation had it in place (23 percent); or said that their organisation did not have it in place (20 percent). Only 23 percent could confirm if their organisations encrypted both employee and customer data.
Mobile device security
The report also examined end-user attitudes to
mobile device security with nearly all respondents (98 percent) agreeing that the data is to an extent more important than the device itself. However, despite this, a quarter confessed to storing corporate information on their personal laptops and mobile phones, with almost one in five (19 percent) revealing they had lost a personal or mobile device at one point.
Furthermore, when it came to securing mobile devices, while the majority (64 percent) of respondents’ organisations implemented passwords to secure mobile devices, only 31 percent of those with company phones knew if they were encrypted as well. This compared with 51 per cent of those with company laptops who could clarify their laptops were encrypted, highlighting the continued willingness to accept mobiles as a risk.
Sharing data
The majority of respondents agreed that information was the most valuable asset, with almost all (95 percent) saying that they needed to share, send and access corporate data from any device or location in order to work effectively. The research also unveiled that 66 percent of respondents do not always check whether the data is safe to share, and in order to share data more easily two thirds (64 per cent) were prepared to use shadow IT and personal cloud services
to circumvent their organisations’ IT restrictions and security policies.
Attitudes to cloud storage also differed in each country. Overall, 31 percent said their organisation allowed them to use cloud storage solutions like Dropbox in the workplace. However in the UK this increased to 44 per cent, with only 27 percent allowed in France and 23 percent in Germany. A further 11 per cent were not allowed to use cloud storage solutions like Dropbox but did so anyway. Likewise it was respondents from the UK who were more likely to share data in the cloud: 52 percent versus 40 percent in France and 34 percent in Germany.
Views on current data protection legislation across Europe
There were also differences in opinion between the three countries with regard to the security of personal data: at 86 percent, France was more concerned than either the UK (78 percent) or Germany (74 percent). Germany was particularly unconcerned about cyber criminals getting hold of data (29 percent), compared with 49 percent in France and 45 percent in the UK. Equally, France was more concerned about the security of corporate data (76 percent) compared to 62 percent in the UK and 59 percent in Germany.
Interestingly, 60 percent of employees in the UK, compared with 43 percent in France and 50 percent in Germany, said their organisation had a data protection policy and it had been clearly communicated. In addition, the larger the organisation, the more likely users were to be aware of a data protection policy.
Gerhard Eschelbeck, CTO, Sophos said: “With cybercrime at an all-time high organisations need to ensure the right data protection policies are in place to safeguard employee and customer data. It’s clear from this research that despite the majority of end-users understanding the importance of information and the need to safeguard it, they are still prepared to ignore the dangers to make their lives easier. If we are to beat cybercrime, organisations need to ensure that the right policies are in place, not only to safeguard business critical information but also meet the needs of the employees.”
What do you know about Internet security? Find out with our quiz!